accounts: use "evobsd_internal_group" for SSH authentication

dev
Jérémy Dubois 9 months ago
parent ad025bf507
commit f0ecc79696
  1. 2
      CHANGELOG
  2. 7
      roles/accounts/tasks/main.yml
  3. 8
      roles/accounts/tasks/user.yml
  4. 1
      vars/main.yml

@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Changed
- accounts: use "evobsd_internal_group" for SSH authentication
### Fixed
### Removed

@ -1,4 +1,9 @@
---
- name: "Create {{ evobsd_internal_group }} group"
group:
name: "{{ evobsd_internal_group }}"
system: true
- name: "Create {{ evobsd_ssh_group }} group"
group:
name: "{{ evobsd_ssh_group }}"
@ -69,7 +74,7 @@
block: |
Match Address {{ evolix_trusted_ips | join(',') }}
PasswordAuthentication yes
Match Group {{ evobsd_ssh_group }}
Match Group {{ evobsd_internal_group }}
PasswordAuthentication no
insertafter: EOF
validate: '/usr/sbin/sshd -t -f %s'

@ -38,6 +38,14 @@
tags:
- admin
- name: "Add {{ user.name }} to {{ evobsd_internal_group }} group"
user:
name: "{{ user.name }}"
groups: "{{ evobsd_internal_group }}"
append: true
tags:
- admin
- name: "Add {{ user.name }} to {{ evobsd_ssh_group }} group"
user:
name: "{{ user.name }}"

@ -23,6 +23,7 @@
# evomaintenance_urgency_from: mama.doe@example.com
# evomaintenance_urgency_tel: "06.00.00.00.00"
#
# evobsd_internal_group: "foo"
# evobsd_ssh_group: "foo-ssh"
# evobsd_sudo_group: "foo-sudo"
#

Loading…
Cancel
Save